Saturday, April 4, 2009

Installing Snort 3.0 (SnortSP) Beta 3 on Ubuntu 8.04 in 3 Steps

Snort 3.0 Beta 3 was released on April 1. You can read an overview of the changes in Snort 3.0 Beta 3 in the mailing list announcement. For more details on the underlying architectural changes in Beta 3, see Marty Roesch's blog. Thanks to Marty and the rest of the Snort 3 Development Team for their hard work in this release!

Installing Snort 3.0 Beta 3 on Ubuntu 8.04 is almost identical to installing Snort 3.0 Beta 2 on Ubuntu 8.04. However, I did have an issue with the Snort 2.8 Detection Engine not compiling correctly. This turned out to be libtool not liking the fact that /bin/sh was symlinked to /bin/dash instead of /bin/bash. The one-line fix was:

rm /bin/sh && ln -s /bin/bash /bin/sh

(Special thanks to Russ Combs of the SnortSP development team for his assistance with this issue.)
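A pre-build check for the condition described above, as an added example that is not part of the original post: it reports whether /bin/sh resolves to dash or bash before the build is started. The function names sh_target and check_build_shell are hypothetical, and the script assumes GNU readlink with the -f option.

```shell
#!/bin/sh
# Added example (not from the original post): identify the shell that a
# given sh path resolves to before running a libtool-based build.
# sh_target and check_build_shell are hypothetical helper names.

# Print the fully resolved target of the path in $1 (default: /bin/sh).
# Assumes GNU readlink, which follows the whole symlink chain with -f.
sh_target() {
    readlink -f "${1:-/bin/sh}"
}

# Exit status:
#   0  the path resolves to bash
#   1  the path resolves to dash (the case the post ran into)
#   2  anything else: another shell, or a missing or dangling link
check_build_shell() {
    path="${1:-/bin/sh}"
    target="$(sh_target "$path")" || return 2
    # readlink -f can succeed on a dangling link, so confirm the target exists.
    [ -e "$target" ] || return 2
    case "$(basename "$target")" in
        bash)
            return 0
            ;;
        dash)
            echo "$path -> $target: libtool may fail as described in the post" >&2
            return 1
            ;;
        *)
            echo "$path -> $target: unrecognised shell" >&2
            return 2
            ;;
    esac
}
```

Calling check_build_shell with no argument inspects /bin/sh itself; passing a path lets the check be exercised against a scratch symlink without touching the system shell.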

The "Forbidden" error is not coming from your local system; it is an HTTP 403 Forbidden error coming from snort.org. The most likely cause is that you exceeded the download limit for snort.org. If you put the address in a browser, you would probably see the full HTTP 403 Forbidden error like the following:

I tried today and managed to get to the penultimate step, but it replies that no such file or directory exists. Also, mkdir /etc/snortsp didn't work directly and I had to use the -p option to create the directory.

root@dolphin-laptop:/usr/local/src/snortsp-3.0.0b3/src/analysis/snort# ./configure\
> --with-platform-includes=/usr/local/include\
> --with-platform-libraries=/usr/local/lib
-bash: ./configure--with-platform-includes=/usr/local/include--with-platform-libraries=/usr/local/lib: No such file or directory
